1.Personal data provided by the Customer is processed by the Seller, who is the Personal Data Controller (PDC) within the meaning of the Personal Data Protection Act of 29.8.1997 (Journal of Laws of 1997, No. 133 item 883 as amended).
2.The purpose and scope of processing personal data defines the scope of authorisation and data provided, in particular that sent by means of appropriate forms. Processing Customers’ personal data may regard an e-mail address, postal address, name, phone number and computer IP address.
3.Personal data will be processed in order to:
a) fulfil the provisions of legal regulations;
b) create an Account, complete an Order, including provision of electronic services, consider complaints, and execute other actions defined in the Terms and Conditions;
c) perform the Seller’s promotional and trade activities.
4. Processing of the Customer’s personal data for marketing processes requires the granting of a separate approval by the Customer.
5. Providing personal data and granting approval for processing thereof is voluntary, yet a lack of approval for processing personal data marked as obligatory will make it impossible for the Seller to deliver services and fulfil agreements (subject to section 4).
6. Approvals may be withdrawn at any time by sending such a request to the Seller’s e-mail or postal address stated in the Terms and Conditions.
7. The legal basis for processing of personal data as defined in section 3a consists in statutory authorisation for processing personal data necessary to act in compliance with legal regulations, while in situations defined in section 3b and c, it consists in contractual authorisation for processing of personal data when it is necessary to exercise the legitimate interest of PDC or data recipients as well as the Customer’s approval.
8. Data is made available in order to complete Orders and exercise contracts for electronic services only (to the forwarder and the Seller’s accounting services supplier). Personal data collected by the Seller may be also made available to:
a) authorised state bodies upon request pursuant to relevant legal regulations;
b) other persons and entities – in cases provided for by legal regulations.
9. Personal data may be made available to entities unauthorised under these Terms and Conditions only upon prior approval of the Customer to which the data relate.
10. Customers are entitled to control the processing of their data included in data bases, in particular to:
a) access, complete, and rectify their personal data, by placing such a request with the Seller;
b) demand temporary or permanent suspension of data processing or erasure of data if it is incomplete, outdated, incorrect, or if data was collected by breach of the Data Protection Act or is not necessary any longer for the purposes for which it has been collected;
c) object to processing of their personal data – when the provisions of legal regulations so provide – and to demand erasure of data when it is not necessary any longer for the purposes for which it has been collected.
11. Personal data provided to the Seller is stored and secured pursuant to effective legal regulations: the Personal Data Protection Act of 29.6.1997 (Journal of Laws, No. 101 of 2002 item 926 as amended), the Act on Electronic Services of 18.7.2002 r. (Journal of Laws, No. 144, item 1204 as amended), the regulation of the Minister of Internal Affairs and Administration of 29.4.2004 on personal data processing documentation and technical and organisational conditions which shall be met by devices and IT systems used for personal data processing (Journal of Laws, No. 100, item 1024).
12. The Seller utilises technical and organisational means ensuring protection of the data processed in proportion to potential risks and the category of protected data and, in particular, secures data against access by unauthorised persons, against processing in a manner that violates the Data Protection Act, loss, damage, or destruction.
13. If the Seller obtains information on the Customer’s use of an electronic service in a way that violates the Terms and Conditions or legal regulations (prohibited use), the Seller may process the Customer’s personal data within the scope necessary to determine the Customer’s liability.
14. The online service may store http requests; therefore, server log files may include selected information, including the IP address of the computer that sent a request, the name of the Customer’s station – identification by http protocol, if possible, the date and system time of registration to the service and incoming request, the number of bytes sent by the server, the URL address of the website visited by the user prior to the service if the user was referred to the service by a link, information on the user’s browser, information on errors occurring during http transactions.
15. Logs may be collected for the purposes of proper service management. Information may be accessed only by persons authorised to administer the IT system.
16. Log files may be analysed in order to compile statistics of the Service’s traffic and identify errors. A summary of such information does not allow for identification of Customers.